1. Field of the Invention
This invention relates to trusted identities on a trusted computing platform, in particular, to a method of creating trusted identities on a trusted computing platform.
2. Description of Related Art
Application WO 00/48063 of the present applicant discloses a security solution to allow a user of a trusted computing platform (TCP) to check the integrity of that platform. That prior application is incorporated herein by reference. That application also discloses the possibility of providing multiple platform identities consisting of a cryptographic key and digital certificate. A platform may have several identities, which might be used for interactions with different parties. Each platform in a transaction can check the other's identity to verify that the other is a TCP and is working as expected. In the TCP specification disclosed above, such multiple identities remain completely separate. The multiple identities, consisting of a cryptographic key and certificate, are known as labels. For each label which is created, a trusted device (TD) in the user's trusted platform generates a public/private key pair for use with the new identity/label.
For an entity of any kind (such as a computing platform, identity or service) to be trusted, in this context, means that a third party can have some level of confidence that the entity has a stated identity, is not subject to unauthorised modification, or both. In the case of a trusted device, this is achieved by physical and logical isolation from other functional elements of a computing platform—communication with the trusted device is controlled in such a manner that communications received by the trusted device will not subvert it and that communications received from the trusted device can themselves be trusted.